AddIdentityBearerToken should not be generic #49404
Comments
|
We can remove the generic parameter. The original version used the TUser to register an OnSigningIn callback with the auth handler for the security stamp validation. See After @Tratcher's PR feedback, we wound up moving the refresh token validation logic into the API endpoint directly. The auth handler now issues the refresh token but never validates it. If the API endpoint determines the refresh token is valid, it just does a normal "SignIn" again like it would after a normal username/password login. I considered removing the generic parameter, but I figured we might need it in the future. Note that this only affects the Identity APIs which are often generic. AddBearerToken itself is not generic. But you're right that it's not necessary right now. |
|
I think we should remove it. |
mkArtakMSFT
added
the
enhancement
Backport of #49498 to release/8.0-preview7 /cc @halter73 # Add more MapIdentityApi endpoints ## Description This adds the following new endpoints: - GET /confirmEmail - POST /resendConfirmationEmail - POST /resetPassword - GET /account/2fa - POST /account/2fa - GET /account/info - POST /account/info Additionally, the existing /login endpoint now accepts 2fa codes and 2fa recovery codes as part of the request body. These can be queried and regenerated from /account/2fa. The /login endpoint now also gives limited failure reasons in the form of application/problem+json instead of empty 401 responses with details such as "LockedOut", "RequiresTwoFactor", "NotAllowed" (usually because lack of email confirmation), and the generic "Failed" statuses. Fixes #47232 (lockout support) Fixes #47231 (reset password support) Fixes #47230 (2fa support) Fixes #47229 (change username and password) Fixes #49404 (Removes AddIdentityBearerToken which is no longer needed) ## Customer Impact This makes the MapIdentityApi API introduced in preview4 more usable. See https://devblogs.microsoft.com/dotnet/asp-net-core-updates-in-dotnet-8-preview-4/#auth where we promised the following. > In addition to user registration and login, the identity API endpoints will support features like two-factor authentication and email verification in upcoming previews. You can find a list of planned features in the issues labeled [feature-token-identity](https://github.com/dotnet/aspnetcore/issues?q=is%3Aopen+label%3Afeature-token-identity+sort%3Aupdated-desc) on the ASP.NET Core GitHub repository. This PR adds all of these features, and it's important to make this available to customers as soon as possible, so we have time to react to any feedback. It appears customers are [excited to give it a go.](https://www.reddit.com/r/programming/comments/13jxcsx/aspnet_core_updates_in_net_8_preview_4_net_blog/jki0p3g/) ## Regression? - [ ] Yes - [x] No ## Risk - [ ] High - [ ] Medium - [x] Low This is primarily new API with minimal changes to SignInManager that should have no impact unless used by the new MapIdentityApi endpoints. ## Verification - [x] Manual (required) - [x] Automated ## Packaging changes reviewed? - [ ] Yes - [ ] No - [x] N/A
mkArtakMSFT
added
the
breaking-change
Background and MotivationRemove unnecessary code. Proposed API// Microsoft.AspNetCore.Identity.dll
namespace Microsoft.AspNetCore.Identity;
- public static class IdentityAuthenticationBuilderExtensions
- {
- public static AuthenticationBuilder AddIdentityBearerToken<TUser>(this AuthenticationBuilder builder)
- where TUser : class, new()
- public static AuthenticationBuilder AddIdentityBearerToken<TUser>(this AuthenticationBuilder builder, Action<BearerTokenOptions> configure)
- where TUser : class, new()
- }Usage ExamplesNo instead of calling // ...
builder.Services.AddAuthentication()
.AddIdentityBearerToken<ApplicationUser>();
// ... You'd call the normal Alternative DesignsJust remove the generic parameter, but keep RisksIt's a breaking change, but the workaround is easy and it's in a preview. |
halter73
added
the
api-ready-for-review
|
Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:
|
|
API Review Notes:
API Approved! |
halter73
added
api-approved
ghost
locked as resolved and limited conversation to collaborators
and others
After playing with the APIs introduced in #47228, I realized that making the API generic is pretty pointless. The TUser isn't used to discriminate any options so it seems superfluous.
The text was updated successfully, but these errors were encountered: